Commit 2f5fefd3 authored by Thomas Markwalder

[master] v6 FQDN option unpacking now handles values with spaces and non-printables

    Merged in rt43592.
parent 121a5681
......@@ -172,6 +172,13 @@ by Eric Young (eay@cryptsoft.com).
reporting the issue.
[ISC-Bugs #28038]
- DHCP6 FQDN option unpacking code now correctly handles values that contain
spaces, special, or non-printable characters. Prior to this the buffer
size needed was underestitmate causing a conversion error message to
be logged and DNS updates to be skipped. Thanks to Fernando Soto at
BlueCat Networks for bringing the matter to our attention.
[ISC-Bugs #43592]
Changes since 4.3.0 (bug fixes)
- Tidy up several small tickets.
......
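Review bot: typo in the added release note, "underestitmate" should read "underestimated" ("the buffer size needed was underestimated, causing a conversion error message to be logged"). Since the entry tells operators that an error was logged and DNS updates were skipped, it would also help to quote the logged text so affected sites can search their logs for it.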
......@@ -3594,12 +3594,17 @@ fqdn6_universe_decode(struct option_state *options,
return 0;
/* Save the contents of the option in a buffer. There are 3
* one-byte values we record from the packet, so we go ahead
* and allocate a bigger buffer to accommodate them. But the
* 'length' we got (because it is a DNS encoded string) is
* one longer than we need...so we only add two extra octets.
*/
if (!buffer_allocate(&bp, length + 2, MDL)) {
* one-byte values we record from the packet. The input is
* DNS encoded and to be safe we'll assume that each character
* is non-printable and will be converted to an escaped number:
* "\\nnn". Yes, we'll have dead space pretty much all the time
* but the alternative is to basically dry run the conversion
* first to calculate the precise size or reallocate to a smaller
* buffer later, either of which is a bigger performance hit than
* just doing a generous allocation. */
unsigned bp_size = 3 + (length * 4);
if (!buffer_allocate(&bp, bp_size, MDL)) {
log_error("No memory for dhcp6.fqdn option buffer.");
return 0;
}
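Review bot: `unsigned bp_size = 3 + (length * 4);` multiplies a `length` taken from the packet, and no upper bound on it is visible in this hunk; add a check, or state in the comment the largest value `length` can take, so it is clear the product cannot wrap before it reaches `buffer_allocate`. Two smaller points on the same lines: the comment writes the escape as "\\nnn", which reads as five characters while the factor of 4 assumes the four-character form, and `bp_size` is declared after the `return 0;` statement, so it should move up to the function's other declarations if this file is meant to stay C89-clean.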
......@@ -3611,7 +3616,6 @@ fqdn6_universe_decode(struct option_state *options,
goto error;
/* XXX: We need to process 'The "N" bit'. */
if (buffer[0] & 1) /* server-update. */
bp->data[2] = 1;
else
......@@ -3631,7 +3635,7 @@ fqdn6_universe_decode(struct option_state *options,
goto error;
/* Convert the domain name to textual representation for config. */
len = MRns_name_ntop(buffer + 1, (char *)bp->data + 3, length - 1);
len = MRns_name_ntop(buffer + 1, (char *)bp->data + 3, bp_size - 3);
if (len == -1) {
log_error("Unable to convert dhcp6.fqdn domain name to "
"printable form.");
......
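Review bot: the literal 3 now has to stay in step across three expressions (`3 + (length * 4)`, `(char *)bp->data + 3` and `bp_size - 3`), and the old call got the destination size wrong for exactly this kind of reason. A named constant for the three recorded header octets, used in all three places, would keep the size passed to `MRns_name_ntop` tied to the offset it writes at.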